Infected WinXP update problem?
plavko61 ::
I installed AVG9 and it just gets disabled.
Updates install and then disappear after the computer is restarted (I have System Restore turned off).
Same with IE8: after a restart it disappears.
What else can I try?
HijackThis gets closed as soon as I start it. Once I renamed it, it did produce some output.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:53, on 16.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stane\Desktop\HijackThis2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.najdi.si//
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC3D809-287C-4A31-AC4E-4EC5091FEA3E}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC3D809-287C-4A31-AC4E-4EC5091FEA3E}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9a548489aa9f6) (gupdate1c9a548489aa9f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 4966 bytes
Read it twice, then blurt it out...
amigo_no1 ::
Copy & paste of the log file into http://hijackthis.de/ shows this vermin:
http://www.shrani.si/f/3J/7r/2Gecdwk5/h...
Boot into safe mode and fix it.
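One way to triage the autorun entries of a log like the one posted above, as an added example that is not part of the original posts: a small Python parser for HijackThis O4 (autorun) and O7 (policy) lines, run on lines copied from that log. The rule set, the function names and the assumption that Windows lives in C:\WINDOWS are illustrative choices, not something the posters or HijackThis define.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Services] "C:\Documents and Settings\Stane\Application Data\S85-28348346-HAT83-E3-62366-HASG-1732735\winlogon.exe"
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Windows system process names expected only under C:\WINDOWS (assumed install dir).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"}
O4_RE = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def exe_path(cmd):
    """Return the executable part of an autorun command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Return (findings, keys_by_path) for the O4/O7 lines of a HijackThis log."""
    findings, keys_by_path = [], defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O7 -") and "DisableRegedit=1" in line:
            findings.append(("regedit-disabled", line.split(" - ", 1)[1]))
        m = O4_RE.match(line)
        if not m:
            continue
        path = exe_path(m["cmd"])
        low = path.lower()
        keys_by_path[low].append(m["key"])  # same target in several keys = redundant persistence
        full = "\\" in low                  # bare names resolve via PATH; not judged here
        if full and ntpath.basename(low) in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            findings.append(("system-name-outside-windows", path))
        elif "\\application data\\" in low:
            findings.append(("autorun-from-user-profile", path))
    return findings, dict(keys_by_path)

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG)[0]:
        print(kind, "|", detail)
```
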
plavko61 ::
tnx, jeje997
I didn't know they produce such a nice report for you at http://hijackthis.de/.
What if I use "fix this", is that not enough, or do I really have to go into safe mode and remove winlogon.exe
and that registry entry?
Read it twice, then blurt it out...
Border ::
I'll describe my problem in this thread too...
... WIN XP Prof won't update because I have too little space on the system disk C:... and then I find that when I delete, say, 500 Mb of temp files... there is space for a while, but then it fills up again... I think this must be a virus, trojan, worm... I have already deleted more than 2Gb from the computer, and it still tells me there is no space on the disk, and there really isn't any; someone must be filling up the free space...
... I have already scanned with NOD32, Search and Destroy and Trojan Remover... and they find nothing... !!! ... do you have any suggestion what I should use to clean it, or anything else...
T H A N K S ! ! !